General

  • Target

    159a7af39c0d6c2334df77088fe2d545a96d591dbf2b85c373a4a45377f492c4.bin

  • Size

    4.2MB

  • Sample

    241027-11vxsatdrh

  • MD5

    68139c9e7960d3eb956472bdc5ed5ad2

  • SHA1

    dba76029847dce4aa71d0e48bdf7cfe7e0174f35

  • SHA256

    159a7af39c0d6c2334df77088fe2d545a96d591dbf2b85c373a4a45377f492c4

  • SHA512

    3efa922963f3d754eace54187875aa41be3a5fa353c4e217c6c3424aedb5fd7e00932ccd163288e7c34b906ffdfaf849f79f5b2bac0557301361f696cdfe541e

  • SSDEEP

    98304:s1H2sNAKHdW7C31CrRpPc1qYSUITkBElGfZnGp972k0OOnbG8h:s1Q7C+pmqJr0zfZGpYrA6

Malware Config

Targets

    • Target

      159a7af39c0d6c2334df77088fe2d545a96d591dbf2b85c373a4a45377f492c4.bin

    • Size

      4.2MB

    • MD5

      68139c9e7960d3eb956472bdc5ed5ad2

    • SHA1

      dba76029847dce4aa71d0e48bdf7cfe7e0174f35

    • SHA256

      159a7af39c0d6c2334df77088fe2d545a96d591dbf2b85c373a4a45377f492c4

    • SHA512

      3efa922963f3d754eace54187875aa41be3a5fa353c4e217c6c3424aedb5fd7e00932ccd163288e7c34b906ffdfaf849f79f5b2bac0557301361f696cdfe541e

    • SSDEEP

      98304:s1H2sNAKHdW7C31CrRpPc1qYSUITkBElGfZnGp972k0OOnbG8h:s1Q7C+pmqJr0zfZGpYrA6

    • TgToxic

      TgToxic is an Android banking trojan first seen in July 2022.

    • TgToxic payload

    • Tgtoxic family

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks